Saturday, September 20, 2014

Sheplers,
the leading multi-channel western-wear retailer, today issued the
following statement:

Sheplers has determined that our payment systems suffered a security
breach in which hackers gained access to our systems and some of our
customers’ payment card information was exposed. With the
assistance of a leading computer security firm, we are continuing our
investigation into this incident, and we are cooperating with law
enforcement in their efforts to find the criminals responsible.
Although our investigation continues, at the present time, we believe
it is safe to use payment cards at Sheplers.

Our information to date indicates that the breach potentially impacts
customers who used payment cards at Sheplers’ retail locations
between June 11, 2014, and September 4, 2014. At this time, we do
not believe that this incident affected our online webstore.

… When we first
received an informal tip from a financial institution
suggesting the possibility of a breach, we hired a leading computer
security firm to conduct a thorough investigation and suspended
all electronic processing of payment cards for sales at
our retail store locations until we could determine whether customer
information was at risk.

Interesting
collection of comments. I would say: remain humble, it will happen
to you.

…
What types of security solutions should have been used by Home
Depot? What are best practices for avoiding such incidents? What
steps should the retail industry take? These are just some of the
questions answered by members of the security industry.

And
the Feedback Begins...

For
my Computer Security students. How to defeat simple passwords. My
Ethical Hackers must create a tool like this.

Police are investigating after attempts were allegedly made to hack a
nationwide patient database.

In an email obtained by the Otago Daily Times, Southern
Primary Health Organisation clinical adviser Keith Abbott, of
Dunedin, warned GPs and health organisations about the “significant
hacking attempt” on September 9.

He said the hacker tried to gain access to DrInfo,
which is used by health boards, including the Southern District
Health Board, medical centres and GPs around the country.

“Starting at 11am on September 9, in one case continuously lasting
for 12 hours, a single IP [internet protocol] address has made over
20 million attempts to guess the passwords of practices, PHOs and
DHBs in New Zealand,” Dr Abbott said.

A
man jumped over the White House fence and made it to the front doors
of the executive mansion before being apprehended on Friday, sparking
an evacuation within the complex shortly after President Barack Obama
departed for the weekend.

Omar
J. Gonzales, a 42-year-old white male from Texas, made it onto the
grounds at 7:20 EDT, a U.S. Secret Service spokesman said. Gonzales
ignored commands to stop and was ultimately caught, unarmed, just
inside the North Portico doors of the White House, one of the
building's main entrances.

…
Rolling Jubilee,
a group that grew out of the Occupy
Movement, announced
this week that it has purchased “for about three cents on the
dollar, of nearly four million dollars’ worth of private debt from
Everest College,
which is part of the for-profit Corinthian
Colleges system.
The debts had been incurred by more than two thousand students.”
The group then notified students that some of their debt had been
canceled. [For
three cents on the dollar, there may be a viable business opportunity
here. Or does that only work with failing schools? Bob]

“We find the number of people
who enroll for a class and immediately start taking it are twice as
likely to complete it as those who enroll a month or two before it
begins,” Koller explained.

…
A 95-page report
from the American Institutes for Research (AIR) has evaluated LAUSD’s
“Common Core Technology Project.” Only 1 teacher out of 245
classrooms reported
using the Pearson
curriculum. (It’s costing the district about $200 per device for a
three-year licensing deal.) 80% of high schools reported they “rarely
used the tablets.” The report found that the district was so busy
dealing with the distribution of the iPads, it
never really addressed using them in the classroom.

…
Spotify
has data-mined
what music college students listen to. [Was
this necessary? Bob]

With
56 Million Cards Compromised, Home Depot's Breach Is Bigger Than
Target's

Home
Depot announced
that 56 million credit cards were compromised in a breach that lasted
from April to September 2014—making this latest retail breach
larger than Target’s 40-million card breach.

…
Home Depot says the malware used in the attack has not been seen in
previous attacks, describing the malware as “unique” and
“custom-built.” This differs from reports
during the investigation that experts believed the breach involved
the same malware as the Target breach.

…
Home Depot estimates that the breach has cost approximately $62
million, with more costs likely to come. The company believes it
will be reimbursed $27 million thanks to its insurance coverage.
Last month, Target announced that its breach cost the company $148
million, more than twice the amount Home Depot is estimating.

…
Home Depot also announced that it has now “rolled out enhanced
encryption of payment data” to all its stores in the United States,
completing a project that was started at the beginning of this year.

…
Interestingly, Krebs On Security reported the new Home Depot breach
figures actually would have been much larger, but the
numbers were limited because the thieves chose to only attack
self-checkout units.

“Many
banks have been bracing for a financial hit that is much bigger than
the exposure caused by the breach at Target, which lasted only three
weeks and exposed 40 million cards,” the
Krebs report said. “But so far, banking sources say Visa and
MasterCard have been reporting far fewer compromised cards than
expected given the length of the Home Depot exposure.” Krebs also
reported that MasterCard is telling financial institutions that it
“found evidence of compromise at approximately 1,700 of the nearly
2,200 U.S. stores, with another 112 stores in Canada potentially
affected.”

(Related)
“We can get plywood from Oregon to New Jersey in three days.
Computer Security isn't that important.”

…
As to the timeline, multiple financial institutions report that the
alerts they’re receiving from Visa and MasterCard about specific
credit and debit cards compromised in this breach suggest that the
thieves were stealing card data from Home Depot’s cash registers up
until Sept. 7, 2014, a full
five days after news of the breach first broke.

Imagine
if this had happened to Congressional paychecks! (Not that those
guys need the money) Makes a really good “bad example” for my
Computer Security class. This can happen when you use the same
password on multiple systems.

A hacker stole the paychecks from four FDNY
firefighters by breaking into a computer at their engine company,
stealing their passwords — and then routing the dough to Russia,
sources said on Wednesday.

The firefighters, from Staten Island’s Engine Co. 167, discovered
that their paychecks hadn’t been direct-deposited into their bank
accounts about three weeks ago, the sources said.

I'd
like to see more. Are they saying that this information is Private,
so they want to make it Public? Or is the concern that the police
(“authorities” or “government” in this article) are screwing
up the surveillance? Or that knowing where a police car was would
cripple national security?

A California judge’s ruling against a tech entrepreneur seeking
access to records kept secret in government databases detailing the
comings and goings of millions of cars in the San Diego area via
license plate scans was the second legal setback within a month for
privacy advocates.

An initial ruling issued Thursday upheld the right of authorities to
block the public from viewing information collected on vehicles by
networks of cameras on stoplights and police cars. A judge will
hear arguments Friday in the case before the ruling becomes final.

As a black sedan pulled into downtown Washington traffic earlier this
week, a man in the back seat with a specially outfitted smartphone in
each hand was watching for signs of surveillance in action. “Whoa,
we’ve just been hit twice on this block,” he said, excitement
rising in his voice, not far from FBI headquarters.

Then as the car passed the Federal Trade Commission’s limestone
edifice, “Okay, we just got probed.” Then again, just a few
minutes later, as the car moved between the Supreme Court and the
Capitol, he said, “That’s the beginning of an interception.”

The man was Aaron Turner, chief executive of Integricell, a mobile
security company.

As
Goldsmith acknowledges, if there are indeed IMSI catchers in the
locations his company reported on Wednesday, the CryptoPhone cannot
easily determine whether they are deployed by the U.S. government, a
local police force, a foreign intelligence agency or some other
entity.

Experts
say the most common users of IMSI catchers are law enforcement
agencies, but such surveillance gear has become so affordable and
common that many security experts believe that criminals are using
them to spy on targets, including perhaps the police themselves.

If
you don't pay attention (manage) it is really easy to get it wrong.
I'd be a lot happier if they simply “received” information from
all of these entities.

GAO
released yet another report on Healthcare.gov this week (the first
one was noted here).
From the highlights:

Enrollment through Healthcare.gov is supported by the exchange
of information [What
health information do they “exchange?” Bob] among
many systems and entities. The Department of Health and Human
Services’ (HHS) Centers for Medicare & Medicaid Services (CMS)
has overall responsibility for key information technology (IT)
systems supporting Healthcare.gov. These include, among others, the
Federally Facilitated Marketplace (FFM) system, which facilitates
eligibility and enrollment, plan management, and financial
management, and the Federal Data Services Hub, which acts as the
single portal for exchanging information between the FFM and other
systems or external partners. CMS relies on a variety of federal,
state, and private-sector entities to support Healthcare.gov
activities. For example, it exchanges information with the
Department of Defense, Department of Homeland Security, Department of
Veterans Affairs, Internal Revenue Service, Office of Personnel
Management, Peace Corps, and the Social Security Administration to
help determine applicants’ eligibility for healthcare coverage
and/or financial assistance. Healthcare.gov-related systems are also
accessed and used by CMS contractors, issuers of qualified health
plans, state agencies, and others.

Wasn't
this resolved by the Walker case? If someone with a gun asked me to
identify myself, I probably would. If they don't like my ID –
perhaps because it's from another state – what can they do next?

Last week a Los Angeles police officer detained
the movie actress Danielle Watts and told
her, “I have every right to ask for your ID…. You do not have a
right to say ‘No’…. Somebody called, which gives me the right
to be here, so it gives me the right to identify you by law.”

In the aftermath, the Los Angeles Police Protective League (LAPPL)
has posted a false and misleading so-called “public service
announcement” on the subject of Providing
ID To Police Officers.

What happened to Ms. Watts, and what is our reading of the case law
on these issues?

Thursday, September 18, 2014

How
should I interpret this? Home Depot has no record of the
transactions involved? The breach is so big that it is easier to
assume the entire population was involved than to accurately
determine who was/was not involved? Neither Home Depot nor their
lawyers have any idea how to manage a breach?

Hogan
Lovells, attorneys for Home Depot, sent the New Hampshire Attorney
General a notification of the breach. Their letter, dated September
9, reiterates that they first learned of a possible breach on
September 2 and confirmed it on September 9.

Home
Depot still doesn’t have exact numbers, it seems. The letter says
that “At this time we cannot determine how many residents of the
state are affected.” Home Depot therefore notified
every New Hampshire resident who used a payment card in
their stores from April on, including an offer of free credit
monitoring services.

You
can read their notification
(pdf) with the attached notice to consumers.

Local!
Someone looking for a handy dumpster? Have these already been mined
for personal information?

Compared to parents in Malaysia, Poland and Italy, American parents
look like babes in the woods when it comes to awareness of in-school
data mining of their children’s information, including online
behavior and email habits. Whereas 75 percent of Malaysians, 71
percent of Poles and 70 percent of Italians are aware of the
practice, only 51 percent of parents in the United States know about
it. But once they do know
about it, more than nine out of 10 are “concerned or very concerned
about the practice” and more than four out of five say
they are likely to take action against the practice.

These results come from a set of surveys conducted by SafeGov.org
among parents worldwide to understand their views on the benefits and
risks of expanding in-school access to Internet applications such as
email, document creation and group collaboration. In the United
States, 540 people were surveyed online in August 2012 for a margin
of error of ±4.16. In other countries the surveys were done in 2013
and 2014 for a margin of error that ranged from ±4.33 to ±5.67.

After
the recent leak of nude
celebrity photos, possibly due to an iCloud hack, it was
reasonable to expect Apple to react at its iPhone event. Not a word
was said about the incident during the event, but Tim Cook later said
the company is taking additional steps to protect its users' security
and privacy, and now, Apple is delivering on that promise.

We've
noticed yesterday that Apple had strengthened its iCloud
security with two-factor authentication; now, the company made
public its updated Privacy Policy on an entirely new
section of its website.

…
Finally, Cook claims Apple has "never worked with any
government agency from any country to create a backdoor in any of our
products or services." "We have also never allowed access
to our servers. And we never will," he writes.

The
wording of that last paragraph is particularly interesting; when
asked about its participation in NSA's PRISM program back in June
2013, Apple
said it does not give any government agency "direct access"
to its servers. "Any government agency requesting customer data
must get a court order," Apple said at the time.

Now,
Cook says flat out Apple has never allowed access to its servers —
direct or not — and court orders are not mentioned.

That
position is reiterated in a special section of Apple's new Privacy
page, called "Government
Information Requests". There, Apple goes a step further,
claiming it cannot decrypt a user's phone (if it's protected by a
passcode) even if a government requests it.

…
There's a catch, though: even if Apple is unable to hand over the
data from your phone, it can (and will, if asked via a court order)
hand over the data from your iTunes or iCloud account.

Because
only real 'Mericans should have guns. Not them thar A-rab-americans,
or them Mes-i-can-americans or anyone else what ain't us.

The Obama administration quietly has been forcing new gun buyers to
declare their race and ethnicity, a policy change that critics say
provides little law enforcement value while creating the risk of
privacy intrusions and racial profiling.

With little fanfare, the Bureau of Alcohol, Tobacco, Firearms and
Explosives (ATF) in 2012 amended its Form 4473 — the transactional
record the government requires gun purchasers and sellers to fill out
when buying a firearm — to identify buyers as either Hispanic,
Latino or not. Then a buyer must check his or her race: Indian,
Asian, black, Pacific Islander or white.

How
do workers feel about the adequacy of their skills? Until now, few
studies have examined their views. Today, a survey
of employees is being released that provides strong confirmation of
the notion that employees need better skills to do their jobs well,
especially skills related to technology.

…
The new survey, commissioned by Udemy,
a company that provides online training courses, sharply challenges
the view that the skills gap is a corporate fiction. Polling 1,000
randomly selected Americans between the ages of 18 and 65, the survey
found that 61% of employees also feel that there is a skills gap.
Specifically, 54% report that they do not already know everything
they need to know in order to do their current jobs. Moreover, about
one third of employees report that a lack of skills held them back
from making more money; a third also report that inadequate skills
caused them to miss a promotion or to not get a job.

The
most important skills that employees are missing are computer and
technical skills. Of those reporting that they needed
skills for their current job, 33% reported lacking technical skills,
including computer skills.

Research
participants who had spent 15 minutes solving math problems were 4
times more likely to lie for personal gain in an ethics game
than those who had answered randomly selected verbal questions from a
standardized test, says a team led by Long Wang of the City
University of Hong Kong. The act of calculating appears to crowd out
people’s social and moral concerns, resulting in behavior that is
more self-interested and even immoral. Stimuli such as family photos
that prompt thoughts about social values appear to diminish these
negative effects, the researchers say.

Wednesday, September 17, 2014

C&K Systems Inc., a third-party payment vendor
blamed for a credit and debit card breach at more than 330 Goodwill
locations nationwide, disclosed this week that the intrusion lasted
more than 18 months and has impacted at least two other
organizations.

JPMorgan
Chase, one of the largest banks in the United States, has confirmed
that its systems were breached
this summer, but investigators say there's no evidence that the
attackers had gained access to highly sensitive information.

People
familiar with the investigation have told The
New York Times that the hackers penetrated roughly 90 of the
company's servers between June and late July when the breach was
detected. The attackers reportedly gained access to the details of
one million customers and information on installed software after
obtaining high-level administrative privileges, but an unnamed
individual close to the matter said only
names, addresses and phone numbers have been compromised.

There
appears to be no evidence that social security numbers, financial
information, or proprietary software have been obtained.

For
my Computer Security students: This is why we try to teach every
employee about security.

Computers
are typically infected after victims
click on a malicious link in an email purporting to be
from Australia Post or Telstra.

…
In order to help victims, two security firms have collaborated on a
service called Decrypt
Cryptolocker, which claims to decrypt files for free and has been
hailed
by Stay Smart Online. But Mr Bailey said the site didn't always
work.

"We
have seen this [website] work in some cases to be able to decrypt
files and not for others," Mr Bailey said.

The
US military is building a new cyber defense corps that can be used to
protect the nation and possibly for offensive purposes, the commander
of the unit said Tuesday.

National
Security Agency director Michael
Rogers,
who also
heads the US Cyber Command, said the 6,200-member unit should be
fully operational by 2016, to bolster defenses against hackers and
state-sponsored cyberattacks.

Rogers
told a cybersecurity conference that the unit would be able to assist
in protecting against cyberattacks on "critical infrastructure,"
which includes computer-controlled power grids, financial networks,
transportation and other key sectors.

Can't
wait until the government takes all our health care records public!

GAO
has released a report on Healthcare.gov. Here are some of the
highlights of the report:

While CMS has taken steps to protect the security and privacy of data
processed and maintained by the complex set of systems and
interconnections that support Healthcare.gov, weaknesses remain both
in the processes used for managing information security and privacy
as well as the technical implementation of IT security controls. CMS
took many steps to protect security and privacy, including developing
required security program policies and procedures, establishing
interconnection security agreements with its federal and commercial
partners, and instituting required privacy protections. However,
Healthcare.gov had weaknesses when it was first deployed, including
incomplete security plans and privacy documentation, incomplete
security tests, and the lack of an alternate processing site to avoid
major service disruptions. While CMS has taken steps to
address some of these weaknesses, it has not yet fully mitigated all
of them. In addition, GAO identified weaknesses in the technical
controls protecting the confidentiality, integrity, and availability
of the FFM [Federally Facilitated Marketplace - Dissent].
Specifically, CMS had not: always required or enforced strong
password controls, adequately restricted access to the Internet,
consistently implemented software patches, and properly configured an
administrative network. An important reason that all of these
weaknesses occurred and some remain is that CMS did not and has not
yet ensured a shared understanding of how security was implemented
for the FFM among all entities involved in its development. Until
these weaknesses are fully addressed, increased and unnecessary risks
remain of unauthorized access, disclosure, or modification of the
information collected and maintained by Healthcare.gov and related
systems, and the disruption of service provided by the systems.

[...]

What GAO Recommends

GAO is making six recommendations to implement security and privacy
management controls to help ensure that the systems and information
related to Healthcare.gov are protected. HHS concurred but disagreed
in part with GAO’s assessment of the facts for three
recommendations. However, GAO continues to believe its
recommendations are valid, as discussed in the report.

A
Department of Justice proposal
to amend Rule 41 of the Federal Rules of Criminal Procedure would
make it easier for domestic law enforcement to hack into computers of
people attempting to protect their anonymity on the Internet. The
DOJ has explicitly
stated that the amendment is not meant to give courts the power
to issue warrants that authorize searches in foreign countries—but
the practical reality of the underlying technology means doing so is
almost unavoidable.

The
result? Possibly the broadest expansion of extraterritorial
surveillance power since the FBI’s inception.

…
Broadly, the term “Network Investigative Techniques,” (NIT)
describes a method of surveillance that entails “hacking,” or the
remote access of a computer to install malicious software without the
knowledge or permission of the owner/operator. Once installed,
malware controls the target computer.

The
right Network Investigative Technique can cause a computer to perform
any task the computer is capable of—covertly
upload files, photographs and stored e-mails to an FBI controlled
server, use a computer’s camera or microphone to gather images and
sound at any time the FBI chooses, or even take
over computers which associate with the target (e.g. by accessing
a website hosted on a server the FBI secretly controls and has
programmed to infect any computer that accesses it).

Like
Apps, “There's a business model for that.” e-Country Clubs,
whoda thunk it?

Netropolitan
is a new hobnobbing social media network for the filthy rich and
costs a peasantry $9,000 to join plus $3,000 each year in member
fees.

Netropolitan
calls itself an “online country club for people with more money
than time” and was started by James Touchi-Peters who claimed that
he wanted an “environment where you could talk about the finer
things in life without backlash.”

–
is an addictive little game which uses the images from the Reddit
page “Earth Porn”. You have to find the emoji who is standing
still among a sea of rapidly moving emojis. Once you do, you get to
the next level. In the background are different pictures of
beautiful scenes from around the world.

This
might be useful for my Javascript programming students, if they can
find or build a useful algorithm.

–
is a platform for viewing, creating and sharing any type of
algorithm. All algorithms on the site are public and can be viewed
and shared by any user of the site. Registered users can create new
algorithms or fork an existing one.

The
video below describes how an infrared device on iPhones can be used
to steal Personal Identification Numbers (PINs) on ATM cards and
credit cards. It is important that you watch this video because it
also contains instructions on how to prevent theft.

Tuesday, September 16, 2014

The
Veterans Administration continues to struggle with securing veterans’
personal and protected health information, as its monthly reports to
Congress reflect. First, consider the sheer number of different
types of incidents reported to Congress for
the month of August:

Total number of Internal Un-encrypted E-mail Incidents 92

Total number of Mis-Handling Incidents 114

Total number of Mis-Mailed Incidents 138

Total number of Mis-Mailed CMOP Incidents 9

Total number of IT Equipment Inventory Incidents 9

Total number of Missing/Stolen PC Incidents 1 (1 encrypted)

Total number of Missing/Stolen Laptop Incidents 9 (9 encrypted)

Total number of Lost BlackBerry Incidents 17

Total number of Lost Non-BlackBerry Mobile Devices (Tablets,
iPhones, Androids, etc.) Incidents 3

Mobile
is a drop in the bucket. The vast majority of “endpoints” will
exist on the Internet of Things. Unfortunately, each new
“generation” of devices ignores security in the early iterations.
Then we play catch up for the next few years.

Focus
of Endpoint Breaches Will Shift to Mobile Devices by 2017: Gartner

At
the Gartner Security and Risk Management Summit taking place in the
United Arab Emirates, the IT research and advisory firm's analysts
are discussing the latest mobile security trends and threats.

Gartner
predicts that mobile devices will become increasingly targeted by
cybercriminals in the upcoming years, and warned organizations of
some risks they face unless they take measures. Gartner believes
that by 2015, over 75% of
mobile applications will fail basic security tests.

…
While
currently most attacks target desktop devices, Gartner predicts
that the focus of endpoint breaches will shift to mobile devices such
as tablets and smartphones.

Seems
like a fast response, but remember: each new generation repeats the
sins of the previous generation. If you remember that, you know what
questions to ask. Unfortunately, you also know what the answers will
be.

Connecticut’s attorney general has called for a meeting with Apple
over concerns about the privacy of health data collected by the Apple
Watch.

“When new technologies emerge in consumer markets they inevitably
lead to new questions, including questions about privacy,” Attorney
General Jepsen said.

Apple has already said that it will not share health information from
Apple Watch users. CEO Tim Cook reiterated that on Friday in his
interview with Charlie Rose on PBS.

Still, Jepsen has questions for Apple about how the health data will
be stored and what specific data the Apple Watch will be able to
collect. He also questions how Apple will monitor third-party apps
that claim to make diagnoses if they don’t have proper approval
from government regulators.

The FBI announced
that the Next Generation Identification system, one of the largest
biometric databases in the world, has reached “full operational
capability.” In 2013, EPIC filed a Freedom of Information Act
lawsuit
about the NGI program. EPIC obtained documents
that revealed an acceptance of a 20% error rate in facial recognition
searches. Earlier this year, EPIC joined a coalition of civil
liberties groups to urge
the Attorney General Eric Holder to release an updated Privacy Impact
Assessment for the NGI. The NGI is tied to “Rap Back,” the FBI’s
ongoing investigation of civilians in trusted positions. EPIC also
obtained FOIA documents
revealing FBI agreements with state DMVs to run facial recognition
searches, linked to NGI, on DMV databases. EPIC’s recent Spotlight
on Surveillance concluded that NGI has “far-reaching
implications for personal privacy and the risks of mass
surveillance.” For more information, see EPIC:
EPIC v. FBI – Next Generation identification.

What
is going on here? A very small minority of customers that don't
allow them to analyze their behavior for advertising? Some confusion
in their legal department?

…
One Comcast representative, identified only as Kelly, warned a
customer over his use of Tor software,
DeepDotWeb reports:

Users who try to use anonymity, or cover themselves up on the
internet, are usually doing things that aren’t so-to-speak legal.
We have the right to terminate, fine, or suspend your account at
anytime due to you violating the rules. Do you have any other
questions? Thank you for contacting Comcast, have a great day.

…
In a statement to Deepdotweb, Comcast
defended its actions, seemingly asserting that it needs to
be able to monitor internet traffic in case they receive a court
order:

April
Glaser writes that Comcast has responded to allegations previously
noted on this blog:

This morning Comcast issued
a statement denying that the ISP is blocking Tor and denying that
there is any record of exchanges between Comcast and Tor users. The
Vice President went as far as to say that he also uses Tor at times,
adding, “Comcast doesn’t monitor our customer’s browser
software, web surfing or online history.”

But considering the fact that Comcast hasn’t always been completely
transparent about its network practices, we still invite Internet
users to contact us if they’ve been discouraged from using Tor by
any Internet service provider. To do so, please email info@eff.org
to share your story.

A
week after nude pictures of an Israeli high school teacher were
posted online, the mother of two plans to return to class Tuesday as
debate here swirls over issues of privacy, law and digital decorum.

…
The high school is one of several in Israel replacing textbooks with
computer tablets. The teacher lent her tablet to a pupil who had
forgotten hers. Another classmate snooping around the photos file
found several nude pictures, snapped them with his cellphone camera
and passed them on.

The
teacher was further shocked to learn that images
long deleted from her phone were on the school-issued
device, which pulled them
from the cloud as she synced it with her phone and
electronic mail as instructed by the program’s computer managers,
who reportedly did not mention any information sensitivity issues.

…
In January, the parliament, or Knesset, voted to make online
circulation of intimate images without the subject’s full consent
an act of sexual harassment that can carry a five-year jail sentence.

Being
a minor does not protect the 17-year-old student from criminal law,
according to the teacher's attorney, Orit Hayoun, who expects the
police to investigate the case and the school to discipline the
offender and stand by its employee.

…
The attorney said that although depicting his client naked, the
pictures were innocuous. “We don’t live in the dark ages,” she
said. [Apparently, here in
the US, we do. Bob]

More
US bank branches closed in 2013 than ever before. More than 85% of
retail banking transactions are now digital. The bank branch is
“going south,” mobile-banking entrepreneur Brett King said
to CNBC. “And there’s no reason to assume we’ll see a
resurgence of activity at the branch—the mobile app is the nail in
the coffin.”

So
are we witnessing the death throes of brick-and-mortar retail
banking? Will banking soon be like the business of selling recorded
music—almost all done online?

In
our view, no. Rather than going the way of Tower Records, leading
banks are reinventing themselves with innovative mashups
of digital technologies and physical facilities, a combination we
call “digical.”

In the complaint BO v DE from September last year, a lawyer acting
for a man in a relationship property matter emailed a letter to the
man’s ex-wife at her work address. The lawyer had been given the
address by his client, the former husband.

According to the LCRO’s decision, the woman was furious at
receiving “an intensely personal, embarrassing and defamatory”
email at her work address. Through her lawyer, she demanded an
apology from her ex-husband’s lawyer and she vigorously denied
suggestions in the letter about alcohol abuse and gambling. The
woman said the email and attachment had become the property of her
employer, and others in her workplace might have access to it.

An already tumultuous
New Zealand election campaign took another dramatic turn less
than a week before polling day when the prime minister, John Key,
responded angrily to claims by the American journalist Glenn
Greenwald that he had been “deceiving the public” over assurances
on spying.

Greenwald, who is visiting New Zealand at the invitation of the
German internet entrepreneur Kim
Dotcom, says he will produce documents provided by the NSA
whistleblower Edward Snowden that prove the New Zealand government
approved mass surveillance of its residents by the Government
Communications Security Bureau (GCSB), New Zealand’s equivalent of
the NSA.

Piano
Maestro (formerly known as Piano Mania) is a neat iPad app from
Joy Tunes. The new Piano Maestro app offers lessons on playing the
piano. Students place their iPads on their pianos or electronic
keyboards to view the lesson as they play along. The app offers
challenges of varying difficulty from simple one-hand lessons to
complex lessons requiring the use of both hands. Students earn
points for completing each lesson and mastering new songs. Teachers
can check their students’ progress by having students use the
“connect to teacher” feature of Piano Maestro.

Piano
Maestro is free to
download and access for basic lessons. More difficult
lessons and the larger catalog of music require purchasing the
premium features. But this
fall Joy Tunes is offering Piano Maestro’s premium features for
free to registered music teachers and their students. The
premium features include a library of more than 800 songs including
pop music songs from artists like Bruno Mars and Taylor Swift.

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.